• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0

My actual desktop has been hijacked

2 posts in this topic

I've had hijackers before and various other common dirty programs, but now I have a desktop image that is kind of like a webpage existing beneath my icons. It says "warning you're in danger" and then goes on to explain the typical sales pitch that my computer is infected and my privacy is comprimised blah blah blah. There's no company or program name on it, but it has links like a web page. Also, I change my desktop image but it makes no difference (and the image I chose remains the image chosen in control panels.)


Here is my weblog.


Logfile of HijackThis v1.97.7

Scan saved at 오전 1:51:46, on 2004-07-18

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


Running processes:









C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe

C:\Program Files\Ahnlab\Smart Update Utility\Ahnsdsv.exe

C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe






C:\Program Files\Winamp\Winampa.exe

C:\Program Files\Ahnlab\Smart Update Utility\AhnSD.exe


C:\WINDOWS\System32\P2P Networking\P2P Networking.exe


C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\QuickTime\qttask.exe



C:\Program Files\Weatherscope\Weatherscope.exe

C:\Program Files\iPod\bin\iPodService.exe





C:\Program Files\VPower\PCZiggy\FreeChal\PZRun.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\MSN Messenger\msnmsgr.exe


D:\will stuff\HijackThis.exe


R3 - URLSearchHook: (no name) - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: V3 - {76EAE03C-F2B1-4397-97E8-390920B7C2DC} - C:\PROGRA~1\Ahnlab\V3\V3Bar.dll

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar_en_2.0.111-big.dll

O3 - Toolbar: ????? - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar_en_2.0.111-big.dll

O3 - Toolbar: (no name) - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - (no file)

O3 - Toolbar: V3 - {9E3849D6-41EF-4B2F-86B7-632EF90758E4} - C:\PROGRA~1\Ahnlab\V3\V3Bar.dll

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32



O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"

O4 - HKLM\..\Run: [AHNSD] "C:\Program Files\Ahnlab\Smart Update Utility\AhnSD.exe"

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART

O4 - HKLM\..\Run: [EPSON Stylus C82 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C82 Series" /O6 "USB001" /M "Stylus C82"

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [winsystem] C:\WINDOWS\system32\winsystem.exe /s

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit

O4 - HKLM\..\RunOnce: [PZLinkCheck] C:\Program Files\VPower\PCZiggy\FreeChal\PZLinkCheck.exe

O4 - Startup: NTUSER.DAT

O4 - Startup: ntuser.dat.LOG

O4 - Startup: ntuser.ini

O4 - Global Startup: NTUSER.DAT

O4 - Global Startup: NTUSER.DAT.LOG

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar_en_2.0.111-big.dll/cmsearch.html

O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar_en_2.0.111-big.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar_en_2.0.111-big.dll/cmcache.html

O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar_en_2.0.111-big.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar_en_2.0.111-big.dll/cmtrans.html

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Messenger (HKLM)

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {091CDD73-1401-4643-9B9C-65B091C88685} (MyLinker Control) - http://dizzo.contents.mylinker.co.kr/module/MyLinker.cab

O16 - DPF: {0DF22B4E-B443-40D6-893E-CED239DFC83F} (FcMailAttachCtrl.MailDropBox) - http://home.freechal.com/etc/FcActivePacka...cMailAttach.CAB

O16 - DPF: {11010101-1001-1111-1000-110112345678} - ms-its:mhtml:file://c:\nosuch.mht!

O16 - DPF: {15A0BCA7-0557-4BAC-9B4C-7CE9172BB9CF} (MuzMakeIconCtrl Class) - http://image.muzcast.com/activex/muzicon/MuzIcon.cab

O16 - DPF: {15EDD727-C89B-4639-8157-A731271E2EA6} (PZLaunch Control) - http://down01.freechal.com/FcVaccine/PCZiggy.cab

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {1CF034F9-79AC-427B-9A51-9B909EC3CF85} (WebMSN_IEObj Class) - http://blogimgs.naver.com/msg/Webmsn_comp_1_0_0_6.CAB

O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -

O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab

O16 - DPF: {2C197E55-080B-42A4-BFD0-9595B3534CF4} (KVPplugin00 Control) - https://www.vpay.co.kr/KVPplugin01.cab

O16 - DPF: {4875D0C5-5FE1-4488-8BB8-5A7D0ECDF93B} (Empas Filebox Control) - http://filebox.empal.empas.com/EmpasFilebox.cab

O16 - DPF: {49233226-72EC-11D6-918E-0050DA8B1AD6} (AnyGuide Control) - http://smap.naver.com/s/naver2/admin/ocx/anyGuide.ocx

O16 - DPF: {5373CE59-8BB8-45DF-96FB-7DC2F668D674} (P3BugsCtrl Class) - http://player.bugs.co.kr/player/cab/bugsmedia_0527.cab

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/13dbf0fcac98e1...ip/RdxIE601.cab

O16 - DPF: {598E9A0F-2292-4FBD-A577-A44352839FE9} (bizresume control) - http://www.bizresume.co.kr/bizresume.cab

O16 - DPF: {5AD24A59-4FF7-42D0-A7D0-20FD302CAC1F} (EmpasFileUpload Class) - http://empal.empas.com/kr/EmpasFileUpload.cab

O16 - DPF: {66B30EA0-C033-4D4B-9F90-EA0AF07363AF} (BugsMediaPlayer Control) - http://so.bugs.co.kr/BugsOggPlay_11.CAB

O16 - DPF: {6AD92401-CE2D-452B-AA63-1291D60EC2D2} (AxINIplugin40 Control) - http://www.bccard.com/initech/plugin/axINIplugin40.cab

O16 - DPF: {73257F5A-A0E3-4904-A64E-CE6D892E404D} (Empas File Upload Control) - http://empal.empas.com/kr/EmpasFileUpload.cab

O16 - DPF: {7B1BB066-7BBB-11D4-A34E-0000F01A209C} (UniAuth Class) - http://login.unitel.co.kr/iplug/lmgr2108.cab

O16 - DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} (XecureWeb 4.0 Client Control) - http://download.softforum.co.kr/Published/.../xw_install.cab

O16 - DPF: {80F80B6C-15DC-441A-B8C8-4A47473DA4F4} (howwriting control) - http://www.howwriting.com/howwriting.cab

O16 - DPF: {829ACCA1-9665-4CFA-BFCB-20DDBB6096E2} (TelecOcx Control) - http://img.telec.co.kr/file/TelecOcx.cab

O16 - DPF: {8FA141C5-29D7-4408-A57B-619C463ED7BB} (Cychannel_Club1_10.UserControl1) - http://club.cyworld.nate.com/cychannel_clu...lubmain1_11.CAB

O16 - DPF: {92C72FAE-CA6F-4FC2-A800-934C9C4145F9} (V3D_MiddleWare Class) - http://img.telec.co.kr/file/V3D_MiddleWare.cab

O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} (Cdmcco Class) - http://cafeimg.hanmail.net/cab8/dmcc2.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7692.7577777778

O16 - DPF: {A1CCCFF4-0DF9-4FFC-99A3-A37A0F3D8E18} (p3bgset Class) - http://player.bugs.co.kr/player/cab/bugsLoader20040708.cab

O16 - DPF: {A4CC2CFF-D8DE-481E-81FC-B51186283282} (PZLunch Control) - http://down01.freechal.com/FcVaccine/PCZiggy.cab

O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) - http://install.wildtangent.com/bgn/partner...nds/install.cab

O16 - DPF: {C320CD4A-7977-4FD2-BBB7-9E6CC61837C5} (INIwallet01 Control) - http://plugin.inicis.com/INIwallet01.cab

O16 - DPF: {CF362BDB-4EA2-11D5-AB47-000102913414} (SetGlb Control) - http://so.bugs.co.kr/SetGlb.cab

O16 - DPF: {D6C10324-2FD5-11D4-9B4D-00104B880ED4} (NamoWeCtl 1.0 (KPP)) - http://empal.empas.com/kr/namowe.cab

O16 - DPF: {D6D424E5-DE1C-4E91-8B59-00F5D860E3BF} (KillRecord Control) - http://wmpdownload.nefficient.co.kr/wmpdow.../KillRecord.cab

O16 - DPF: {DFB64246-00EA-4996-8C31-1F0855BECDDB} (P3WLoader Class) - http://player.bugs.co.kr/player/cab/bugsLoader.cab

O16 - DPF: {E9041F85-3C18-4A7E-A29D-E24F84B79BF1} -

O16 - DPF: {F1F07506-6CB4-44AC-8615-66D1234EFD05} (WebCtl Class) - http://www.hmall.com/initech/plugin/INISafeWeb50.cab

O16 - DPF: {FE3B2990-3E0A-40C4-BC69-B61E5F2776E6} - http://login.freechal.com/freechalon/FcOnCtl7.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{A950E2DE-BC0F-43FA-AEFB-0DE42237ABD9}: NameServer =


Thank you very much if anyone can help me out at all with this craziness. :)


EDIT:: Something extra I just recalled. Whenever I click on a link in a website, then back up my browser, if I open a second window or while on that second window I click another link or close the window then my first window (where I clicked and backed up) will go forward automatically to the page I had most recently backed up from. It's only a small annoyance but the strangeness of it worries me.

Edited by SLUGFly

Share this post

Link to post
Share on other sites

Hey, I reposted to my topic following your reply. It sounds like we have the same problem. My desktop talks about the same stuff. If I get a response that works, I will let you know. Thanks for your help.

Share this post

Link to post
Share on other sites
Sign in to follow this  
Followers 0